# Ubiquiti UniFi

## Device CLI

Yes, UniFi switches actually have a CLI... who knew! No, you don't have to wait three minutes for the UniFi controller to update... 🙃

You can make configuration changes from the CLI, but they will not persist across reboots or resyncs with the controller.

The commands below are from a USW-48-PoE (Standard). Other models may vary.

```
cli
# or
telnet localhost
```

```
show running-config
```

```
show mac address-table
show mac address-table interfaces GigabitEthernet 1
show mac address-table vlan 2
```

```
# wouldn't it be nice if Ubiquiti would actually share this information from the controller!?!?!
show lldp neighbor
```

```
show interfaces GigabitEthernet 1 status
show interfaces GigabitEthernet 1-8 status
show interfaces GigabitEthernet 1-26 status
show interfaces GigabitEthernet 1-52 status

# example output
USW-48-G2# show interfaces GigabitEthernet 1-8
  <cr>
  protected  Configure an interface to be a protected port
  status     Port status information
JRN1A-SW2-USW-48-G2# show interfaces GigabitEthernet 1-52 status
Port  Name                 Status      Vlan  Duplex  Speed    Type
gi1   Port 1               notconnect  11    auto    auto     Copper
gi2   Port 2               connected   11    a-full  a-100M   Copper
gi3   Port 3               connected   11    a-full  a-1000M  Copper
gi4   Port 4               notconnect  11    auto    auto     Copper
gi5   Port 5               connected   11    a-full  a-1000M  Copper
gi6   Port 6               notconnect  11    auto    auto     Copper
gi7   Port 7               notconnect  11    auto    auto     Copper
gi8   Port 8               notconnect  11    auto    auto     Copper
```

```
show vlan
show vlan 2 interfaces GigabitEthernet 1-52 membership
```

```
# show 802.1x configuration for a port or multiple ports
show authentication interfaces GigabitEthernet 1
show authentication interfaces GigabitEthernet 1-24
show authentication interfaces GigabitEthernet 1-48
```

```
# show 802.1x authentication sessions
show authentication sessions

# example output with MAC Addresses redacted
USW-48-G2# show authentication  sessions
Total Session Number: 13

Interface  MAC Address       Type    Status       Session ID
---------- ----------------- ------- ------------ ----------------
gi3        XX:YY:ZZ:11:22:33 mac     Guest        0000000100015C5C
gi5        XX:YY:ZZ:11:22:33 mac     Guest        0000000200015C5C
gi26       XX:YY:ZZ:11:22:33 mac     Guest        0000000300015D10
gi40       XX:YY:ZZ:11:22:33 mac     Guest        0000000500015F0E
gi39       XX:YY:ZZ:11:22:33 mac     Guest        0000000700016256
gi34       XX:YY:ZZ:11:22:33 mac     Guest        0000000A00016DAA
gi18       XX:YY:ZZ:11:22:33 mac     Guest        0000000D00017930
gi2        XX:YY:ZZ:11:22:33 dot1x   Authorized   0000000E000180B0
gi43       XX:YY:ZZ:11:22:33 dot1x   Authorized   0000000F000188EE
gi20       XX:YY:ZZ:11:22:33 dot1x   Authorized   00000012003531F1
gi24       XX:YY:ZZ:11:22:33 dot1x   Authorized   00000013004F754C
gi28       XX:YY:ZZ:11:22:33 dot1x   Authorized   00000016006F8AB7
gi31       XX:YY:ZZ:11:22:33 dot1x   Authorized   0000001700731DA1
```
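An added example (not part of the original notes; the function names are hypothetical) that audits captured `show authentication sessions` output: it lists every session that is not `dot1x`/`Authorized`, such as the `mac`/`Guest` rows above, and checks the row count against the `Total Session Number` header. It assumes each session row has exactly five whitespace-separated fields, as in the output shown.

```shell
#!/bin/sh
# Added example, not from the original notes; function names are hypothetical.

# Constructed sample in the format shown above (MAC addresses are placeholders).
sample_sessions() {
    cat <<'EOF'
USW-48-G2# show authentication  sessions
Total Session Number: 4

Interface  MAC Address       Type    Status       Session ID
---------- ----------------- ------- ------------ ----------------
gi3        XX:YY:ZZ:11:22:33 mac     Guest        0000000100015C5C
gi26       XX:YY:ZZ:11:22:33 mac     Guest        0000000300015D10
gi2        XX:YY:ZZ:11:22:33 dot1x   Authorized   0000000E000180B0
gi43       XX:YY:ZZ:11:22:33 dot1x   Authorized   0000000F000188EE
EOF
}

# stdin: captured CLI output. stdout: "port type status" for every session
# that is not dot1x/Authorized. Exit status 2 if the number of rows parsed
# differs from the "Total Session Number" header (e.g. a truncated capture).
non_dot1x_sessions() {
    awk '
        /^Total Session Number:/ { total = $4 }
        # session rows: interface, MAC, type, status, session id
        NF == 5 && $1 ~ /^[a-z]+[0-9]+$/ {
            rows++
            if ($3 != "dot1x" || $4 != "Authorized") print $1, $3, $4
        }
        END { if (total != "" && total + 0 != rows) exit 2 }'
}

# Count sessions per type/status pair, one "count type status" line each.
session_summary() {
    awk 'NF == 5 && $1 ~ /^[a-z]+[0-9]+$/ { print $3, $4 }' | sort | uniq -c |
        awk '{ print $1, $2, $3 }'
}
```

Save the switch output to a file and run `non_dot1x_sessions < sessions.txt`; `sample_sessions | session_summary` shows the per-type counts for the constructed sample.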

```
# configure
(config)# interface GigabitEthernet 34
(config-if)# shutdown
(config-if)# no shutdown
```

## Random Stuff

##### List users in the UniFi Controller database

```bash
# show list of users in the unifi mongodb database
mongo --port 27117 ace --eval "db.admin.find().forEach(printjson);"
```

##### Change password for a UniFi Controller user

```bash
# change <UserName> to an actual user on the UniFi controller
# the command will reset that user's password to 'password'
mongo --port 27117 ace --eval 'db.admin.update( { "name" : "<UserName>" }, { $set : { "x_shadow" : "$6$GgQYRQnUs4wYkRd$7g6mig.les9salut9CZjUrG/UqqF6R/2RiCaCQEpEzz/7UtAtzeeQsVDnacAW1el2KH/jvUuJ4Eh08xy.KGl0/" } } )'
```
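The command above writes a fixed hash whose password is `password`. As an added example (not part of the original notes; the function names are hypothetical), this script builds the same `x_shadow` update for a password you choose. It assumes OpenSSL 1.1.1 or later is available for `openssl passwd -6`, and that the controller accepts any SHA-512 crypt hash in that field, as it does the one above.

```shell
#!/bin/sh
# Added example, not from the original notes; function names are hypothetical.

# Hash a password read from stdin as SHA-512 crypt ($6$...), the format of
# the x_shadow value used above. Requires OpenSSL 1.1.1 or later.
hash_password() {
    openssl passwd -6 -stdin
}

# Print the mongo shell update statement for <user> and <hash>.
# Rejects anything that is not a simple user name or a well-formed $6$ hash,
# so nothing unexpected is spliced into the JavaScript string.
build_x_shadow_update() {
    user=$1
    hash=$2
    case $user in
        ''|*[!A-Za-z0-9._@-]*) echo "bad user name" >&2; return 1 ;;
    esac
    printf '%s\n' "$hash" |
        grep -Eq '^\$6\$(rounds=[0-9]+\$)?[A-Za-z0-9./]{1,16}\$[A-Za-z0-9./]{86}$' || {
        echo "not a SHA-512 crypt hash" >&2; return 1; }
    printf 'db.admin.update({"name":"%s"},{$set:{"x_shadow":"%s"}})\n' "$user" "$hash"
}

# Usage: sh reset.sh <UserName>   (prompts for the new password without echo)
if [ $# -eq 1 ]; then
    stty -echo; printf 'New password: ' >&2; IFS= read -r pw; stty echo; echo >&2
    hash=$(printf '%s' "$pw" | hash_password) || exit 1
    stmt=$(build_x_shadow_update "$1" "$hash") || exit 1
    mongo --port 27117 ace --eval "$stmt"
fi
```

Reading the password from the terminal keeps it out of shell history and the process list; only the hash appears on the `mongo` command line.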

[Decrypt a UniFi Controller backup](https://github.com/zhangyoufu/unifi-backup-decrypt)

##### Force DHCP to renew IP address

1. Get the PID of the udhcpc process
2. Send that process the USR1 signal which tells udhcpc to renew its IP address 👍

```shell
# find the PID of the udhcpc process
ps | grep udhcpc
```

```shell
# output of the above command
 4052 admin     3480 S    /sbin/udhcpc -f -i eth0 -V ubnt -A 10 -s /etc/udhcpc/udhcpc -p /var/run/udhcpc.eth0.pid
 6648 admin     3504 R    sh /usr/etc/syswrapper.sh ssh-trace-cmd -c ps | grep udhcpc -n 4 -i
 6650 admin     3480 R    grep udhcpc
```

```shell
# instruct udhcpc to renew its IP address by sending its process the USR1 signal
kill -USR1 4052
```

##### Manually removing items from mongo

```bash
# Connect using the traditional mongo shell on UniFi's default port
mongo --port 27117

# If your UniFi version uses the newer mongosh shell:
mongosh --port 27117
```

```javascript
// ===========================================================
// Once inside the shell, switch to the primary UniFi database
use ace


// ===========================
// Force forget a ghost device

// For modern UniFi setups (MongoDB 5.0+)
db.device.deleteMany({"mac":"xx:xx:xx:xx:xx:xx"})

// For older UniFi setups
db.device.remove({"mac":"xx:xx:xx:xx:xx:xx"})


// ===========================
// Delete Stale Client History

db.user.deleteMany({"mac":"xx:xx:xx:xx:xx:xx"})


// =======================
// Delete an Admin Profile

db.admin.deleteMany({"email":"admin@example.com"})


// =============
// apply changes
// (exit the mongo shell first; the restart runs from the OS shell, not inside mongo)

// On Linux / Ubuntu:
//   sudo systemctl restart unifi

// On Cloud Key / UDM:
//   init 6   (or restart via the OS Settings Console)
```
